Le 09/08/2019 à 07:22, Xavier a écrit :
> Le 08/08/2019 à 18:25, Xavier a écrit :
>> Le 08/08/2019 à 09:31, Xavier a écrit :
>>> Le 08/08/2019 à 08:09, Xavier a écrit :
Le 08/08/2019 à 07:24, Xavier a écrit :
> Le 08/08/2019 à 07:11, Xavier a écrit :
>> Hi,
>>
>> looking at
FYI: The status of the node-url-loader source package
in Debian's testing distribution has changed.
Previous version: 0.5.9-1
Current version: 1.1.2-1
--
This email is automatically generated once a day. As the installation of
new packages into testing happens multiple times a day you
FYI: The status of the node-source-map-support source package
in Debian's testing distribution has changed.
Previous version: 0.5.12+ds-2
Current version: 0.5.13+ds-1
--
This email is automatically generated once a day. As the installation of
new packages into testing happens multiple
FYI: The status of the node-sqlite3 source package
in Debian's testing distribution has changed.
Previous version: 4.0.6+ds1-2
Current version: 4.0.9+ds1-1
--
This email is automatically generated once a day. As the installation of
new packages into testing happens multiple times a day
FYI: The status of the node-matcher source package
in Debian's testing distribution has changed.
Previous version: 1.0.0-2
Current version: 1.1.1-2
--
This email is automatically generated once a day. As the installation of
new packages into testing happens multiple times a day you will
FYI: The status of the node-flush-write-stream source package
in Debian's testing distribution has changed.
Previous version: 1.0.3-1
Current version: 2.0.0-2
--
This email is automatically generated once a day. As the installation of
new packages into testing happens multiple times a day
FYI: The status of the node-array-union source package
in Debian's testing distribution has changed.
Previous version: 1.0.2-1
Current version: 2.0.0-2
--
This email is automatically generated once a day. As the installation of
new packages into testing happens multiple times a day you
FYI: The status of the node-regexpu-core source package
in Debian's testing distribution has changed.
Previous version: 4.5.4+ds-1
Current version: 4.5.4+ds-2
--
This email is automatically generated once a day. As the installation of
new packages into testing happens multiple times a day
FYI: The status of the node-strip-ansi source package
in Debian's testing distribution has changed.
Previous version: 4.0.0-1
Current version: 5.2.0-2
--
This email is automatically generated once a day. As the installation of
new packages into testing happens multiple times a day you
FYI: The status of the node-irregular-plurals source package
in Debian's testing distribution has changed.
Previous version: 1.2.0-2
Current version: 2.0.0-2
--
This email is automatically generated once a day. As the installation of
new packages into testing happens multiple times a day
FYI: The status of the node-tmp source package
in Debian's testing distribution has changed.
Previous version: 0.0.31-1
Current version: 0.0.33+dfsg-2
--
This email is automatically generated once a day. As the installation of
new packages into testing happens multiple times a day you
Your message dated Tue, 13 Aug 2019 20:57:50 +
with message-id
and subject line Bug#907599: fixed in node-parse-json 5.0.0-2
has caused the Debian Bug report #907599,
regarding node-parse-json: Please package new upstream version
to be marked as done.
This means that you claim that the
Accepted:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Tue, 13 Aug 2019 22:21:22 +0200
Source: node-cosmiconfig
Architecture: source
Version: 5.2.1-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Javascript Maintainers
Changed-By: Xavier Guimard
Changes:
Accepted:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Tue, 13 Aug 2019 21:58:23 +0200
Source: node-parse-json
Architecture: source
Version: 5.0.0-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Javascript Maintainers
Changed-By: Xavier Guimard
Closes:
node-cosmiconfig_5.2.1-2_sourceonly.changes uploaded successfully to localhost
along with the files:
node-cosmiconfig_5.2.1-2.dsc
node-cosmiconfig_5.2.1-2.debian.tar.xz
Greetings,
Your Debian queue daemon (running on host usper.debian.org)
--
Pkg-javascript-devel mailing list
Source: node-mysql
Version: 2.16.0-2
Severity: important
Tags: security upstream
Forwarded: https://github.com/mysqljs/mysql/issues/2257
Hi,
The following vulnerability was published for node-mysql. I'm opening
this bug for now mainly for tracking. The upstream issue got locked
down and the
node-parse-json_5.0.0-2_sourceonly.changes uploaded successfully to localhost
along with the files:
node-parse-json_5.0.0-2.dsc
node-parse-json_5.0.0-2.debian.tar.xz
Greetings,
Your Debian queue daemon (running on host usper.debian.org)
--
Pkg-javascript-devel mailing list
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu
Hi all,
node-lodash is vulnerable to prototype pollution (#933079,
CVE-2019-10744). I imported upstream fix in the attached debdiff.
Cheers,
Xavier
diff --git a/debian/changelog
package: node-lodash
version: 4.17.11+dfsg-4
The entire description is:
Description-en: Lo-dash is a Node.js utility library
Lo-dash is a Node.js utility library delivering
consistency, customization, performance, & extras.
Your message dated Tue, 13 Aug 2019 16:19:44 +
with message-id
and subject line Bug#933079: fixed in node-lodash 4.17.15+dfsg-1
has caused the Debian Bug report #933079,
regarding node-lodash: CVE-2019-10744
to be marked as done.
This means that you claim that the problem has been dealt
Processing control commands:
> severity -1 normal
Bug #933868 {Done: Pirate Praveen } [grunt] grunt should
look for tasks in /usr/share/nodejs as well
Severity set to 'normal' from 'grave'
--
933868: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933868
Debian Bug Tracking System
Contact
Control: severity -1 normal
Decreasing severity since no stable package installs something in
/usr/share/nodejs (apt-file search /usr/share/nodejs returns nothing).
Bug exists only for backports and can be workaround using a grunt backport.
--
Pkg-javascript-devel mailing list
binary:node-vue-resource is NEW.
binary:node-vue-resource is NEW.
source:node-vue-resource is NEW.
Your package has been put into the NEW queue, which requires manual action
from the ftpteam to process. The upload was otherwise valid (it had a good
OpenPGP signature and file hashes are valid), so
node-vue-resource_1.5.1+dfsg-3~bpo10+1_amd64.changes uploaded successfully to
localhost
along with the files:
node-vue-resource_1.5.1+dfsg-3~bpo10+1.dsc
node-vue-resource_1.5.1+dfsg.orig.tar.xz
node-vue-resource_1.5.1+dfsg-3~bpo10+1.debian.tar.xz
24 matches
Mail list logo